Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WIndows Update' = '<SYSTEM32>\taskmgr.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'explorer.exe <SYSTEM32>\taskmgr.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WIndows Update' = '<SYSTEM32>\taskmgr.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunServices] 'WIndows Update' = '<SYSTEM32>\taskmgr.exe'
- <SYSTEM32>\taskmgr.exe
- <SYSTEM32>\taskmgr.exe заменяется файлом <SYSTEM32>\taskmgr.exe.new
- '<SYSTEM32>\taskmgr.exe'
- '<SYSTEM32>\ping.exe' 111.111.111.111 -n 1 -w 3000
- '<SYSTEM32>\cmd.exe' /c ""<SYSTEM32>\run.bat" "
- <SYSTEM32>\run.bat
- 'ir#.##.euirc.net':6667 (6667 — стандартный порт IRC)
- DNS ASK ir#.##.euirc.net
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'Indicator' WindowName: '(null)'